Blog

Protecting from Phishing and Spear-Phishing

SystemExperts Corporation is aware that many companies are seeing spear-phishing attempts where the emails purport to be from internal employees. We have also heard reports that compromised email accounts have been used to send spear-phishing emails to third parties and the owners of the compromised accounts do not see the emails being sent on their behalf, nor the […]

By |October 15th, 2018|Blog, Security Breach|Comments Off on Protecting from Phishing and Spear-Phishing

Crisis Management Centers and Cyber Security

I was asked to contribute to an article about 911 communications centers recently based on my experience with large crisis management centers (think the 2014 Boston Marathon bombing). Below are my responses to the questions:

What are the common vulnerabilities communication centers face?

24-hour crisis management centers often have shared computers. I would expect that they conduct […]

By |September 24th, 2018|Blog|Comments Off on Crisis Management Centers and Cyber Security

How to Protect Your Security Online

I was recently asked a series of questions about how to protect your security online. I’d like to share the answers here – and please feel free to reach out if you have any comments.

1. How can you create the best passwords that are hacker-proof but easy to remember?  

The best passwords aren’t […]

By |September 11th, 2018|Blog, Security Breach|Comments Off on How to Protect Your Security Online

How Do You Define Success for a Cyber Security Team?

Is it risk reduction? Training employees? Fighting back against targeted attacks?

The easy answer to this question is to build a comprehensive and mature Security Program. The difficult part is identifying every critical component that makes this a success. Remembering that any security program is only as strong as the weakest link, you must build […]

By |August 28th, 2018|Blog, Security Breach|Comments Off on How Do You Define Success for a Cyber Security Team?

Business Continuity Plans and Disaster Recovery Plans (Part 2)

Comprehensive business continuity and disaster recovery plans are must-haves for companies of all sizes that are dependent on their systems to run their businesses. In Part 2 on this topic, I discuss factors that have to be considered when building a plan.

Preparing for a disaster can be a daunting task, involving many factors. A company will have […]

By |August 2nd, 2018|Blog|Comments Off on Business Continuity Plans and Disaster Recovery Plans (Part 2)

Business Continuity Plans and Disaster Recovery Plans (Part 1)

Comprehensive business continuity and disaster recovery plans are must-haves for companies of all sizes that are dependent on their systems to run their businesses.

The definition of a disaster is anything that can impact the continuation of business operations. Most people think disasters would just include major weather events (snowstorms, hurricanes, floods, and tornadoes), fire, […]

By |July 30th, 2018|Blog|Comments Off on Business Continuity Plans and Disaster Recovery Plans (Part 1)

Q&A On Reconstructing Data After a Disaster

I was recently asked about best practices for a business to reconstruct its data after a disaster by John Edwards, TechTarget. John included my tip noting that once a disaster involving data loss is identified, you must act fast to preserve your environment to prevent further damage, and to protect the archived data itself. Here are some addition […]

By |July 24th, 2018|Blog, Security Breach|Comments Off on Q&A On Reconstructing Data After a Disaster

Three Cyber Security Tips for Small Businesses

There are three critical security controls that all small businesses should implement if they are just starting to address security. These are:

  1. Keep your systems up to date by applying all security updates
  2. Make sure you have daily backups of all critical data and be sure to test the […]

By |June 28th, 2018|Blog|Comments Off on Three Cyber Security Tips for Small Businesses

Data Protection and GDPR

Do you know how your data is being used?

The most important thing an individual can do to understand how their data is used is to limit the information they provide. People by nature desire to be helpful. They click and respond quickly without a thought. Stop and think before you click.

If all of the information […]

By |June 19th, 2018|Blog|Comments Off on Data Protection and GDPR

What Questions Should an SMB Ask When Hiring Outside Cyber Security Help

Choosing the right cyber security consultants for an SMB can feel intimidating, but it doesn’t have to be. You don’t have to know much about cyber security to ask the right hiring questions.

To make an informed decision, an SMB should ask about the consultant’s qualifications, track record, quality of work, breadth of technical services, payment model, and […]

By |May 23rd, 2018|Blog|Comments Off on What Questions Should an SMB Ask When Hiring Outside Cyber Security Help

Top Tips for World Password Day – May 4th

To commemorate World Password Day today, I thought I’d share my top tips for creating passwords. They are very basic, but if you follow these guidelines, you will have an added layer of protection for your digital information.

1. A password should not be a dictionary word.

2. A password should not be easily guessable (e.g., “go pats”).

3. A password should not be […]

By |May 4th, 2018|Blog|Comments Off on Top Tips for World Password Day – May 4th

Managing IT Risk (Part 2)

Third Party Risk Management

Following up on my prior post, Third Party Risk Management (4/9/18), I’d like to share my recommendations to monitor and manage IT risk.

There are a number of Governance, Risk, and Compliance (GRC) tools available, ranging from the inexpensive to the extremely expensive. Small to medium size companies are generally […]

By |April 17th, 2018|Blog|Comments Off on Managing IT Risk (Part 2)

Managing IT Risk (Part 1)

Third Party Risk Management

Topping my list of information security risks for the coming year is third party risk management. Small to medium size companies do not have the workforce necessary to monitor the security posture of their technology service providers. To properly address the issue, a company will need to put the following in place and dedicate resources […]

By |April 9th, 2018|Blog|Comments Off on Managing IT Risk (Part 1)

Best Practices for Contracting with Cloud Service Vendors

I was recently asked about best practices for contracting with cloud service vendors – and thought this advice was worth sharing.

What is the best strategy if you decide to change vendors?

Always conduct a parallel transition. This will keep your data in place at your original vendor during the transition. This costs more but will protect […]

By |March 16th, 2018|Blog|Comments Off on Best Practices for Contracting with Cloud Service Vendors

The Shift that EternalBlue May Have Caused Within IT Leadership

For leaders in IT, 2017 has been the year of EternalBlue (the weaponized version of the vulnerability described in MS17-010), whether they know it or not. EternalBlue allowed trivial exploitation of Microsoft systems, letting an attacker gain the highest level of system permissions. This sort of vulnerability set the hacking community on fire and allowed […]

By |February 26th, 2018|Blog|Comments Off on The Shift that EternalBlue May Have Caused Within IT Leadership